In the early days of selling IoT solutions, one of the biggest hurdles to winning business was winning over the IT department. The idea of unattended, unmanaged appliances connected to a network that houses core business processes and customer data is a nightmarish scenario for those in charge of managing IT services. Many projects stalled, or never came to fruition due to the “not on my network” stance taken by IT leadership.
As the technology has evolved, it is becoming more common for commercial and industrial IoT systems to be completely segregated from corporate networks. In many cases, IoT networks have no physical connection with corporate IT equipment, and reach the internet via a dedicated path (which will increase with the emergence of 5G). While IT departments may sleep easier knowing that the fleet of wireless sensors recently purchased by the operations team does not reside on the corporate network, there are still significant security risks that must be addressed.As the global IoT device count approaches 20B, companies installing IoT systems will encounter a new set of risks associated with managing devices that control real-world machines. One of those risks is tied to a key benefit provided by IoT technology: Automation.
Automation is one of the biggest sources for ROI in making a case for an IoT system. But even a simple automation routine could expose an organization to risks that could negate the savings generated from removing the human component.
TrendMicro recently published a report on security risks in complex IoT environments. Using smart buildings and smart homes as an example, researchers described in detail the multitude of vulnerabilities IoT devices can create. Some are fairly obvious, such as not properly securing a device or a network thereby providing access to attackers. But TrendMicro also found that “logic bugs” that exist within the automation schema can pose a significant risks as well.
As an example, consider one of the common use cases in agriculture: using IoT sensors to control irrigation based on soil conditions. Those same devices may also receive and analyze data from weather stations via cloud APIs. An unsecured sensor could be exploited to cause the automation logic to fail, resulting in excessive watering, or no watering at all. Both events could have significant economic consequences.
At Procurant, we believe IoT-driven solutions offer tremendous potential savings and benefits across the food supply chain. But we recommend a measured approach when beginning to apply IoT to your operations. Every situation is unique, but a few rules of thumb would be:
- Start with automating tasks/functions that are low-risk.
- Resist overly complex automation rules.
- Work closely with your IT team and IoT System Integrator to ensure that a cybersecurity framework is developed that can scale with your business.
As our food supply chain gets more complex and increasingly automated we all need to be vigilant about the line between opportunity and risk. It also helps to move forward with the right partner and with a team you can trust to realize your full ROI on this amazing new technology.